Apple releases iOS 15.2.1 to counter iPhones and iPads against HomeKit fault - TechCrunch

Apple releases iOS 1521 to counter iPhones and iPads against

Apple has fixed a security vulnerability in iOS and iPadOS that could be exploited through HomeKit to launch persistent denial of service (DoS) attacks.

The tech giant released iOS 15.2.1 and iPadOS 15.2.1 on Wednesday to fix the flaw known as "doorLock", which was revealed earlier this month by security researcher Trevor Spiniolas. The beast affects iPhones and iPads running iOS 14.7 via iOS 15.2 and is powered by HomeKit, Apple's smart home platform that allows Apple users to own their smart home devices arrange, communicate with and control them.

To take advantage of the beast, an attacker had to change the name of a HomeKit device to a string larger than 500,000 characters. When that string loads on a user’s iPhone or iPad, the device’s software would be thrown into a denial of service (DoS) state, which would require an emergency reset to free it. But once the device reboots and the user signs back into the iCloud account connected to HomeKit, the beast will be activated again.

Even if a user does not have any device on HomeKit, a home network attacker could create a spoof and trick a user into logging in via phishing email. Worse, Spiniolas warned that attackers could accelerate Door Lock vulnerabilities to launch ransomware attacks against iOS users, locking devices to an unusable state and demanding payment Robot to reset the HomeKit device to a secure wire length.

Spiniolas said Apple had promised to fix the issue in a security update last year, but this was pushed back to "early 2022," prompting Spiniolas to expose the beast for fear that the delay would “Real danger” to consumers.

READ  Google has a Wordle Easter egg and it's cute, okay - TechCrunch

"Despite the fact that they have confirmed a security issue and I have persuaded them many times in the last four months to take the matter seriously, little has been done," he wrote. The status quo was very rare and lacked much detail, even though I asked for them often. "

"Not only is Apple's lack of transparency a concern for security researchers who often work for free, but it poses a threat to the millions of people who use Apple products in their daily lives. by reducing Apple's accountability for security issues. ”

The update can be downloaded now and is available for the iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, 5th generation iPad and beyond onwards, iPad mini 4 and later and iPod touch (7th generation).

Related Posts

Deja una respuesta

Tu dirección de correo electrónico no será publicada.

Subir

We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information